Decompiled

Why Use Active Directory with WordPress?

I recently set up a WordPress Blog internally for our company to use over our intranet to help improve communication, collaborate, share and develop ideas, and stay informed about company announcements or current events.. etc.

One of the requirements I had was to allow authentication against our Active Directory. Yes, we operate a Windows network primarily, but you can also authenticate against other LDAP directories as well. This was important from an IT position as well as the participants of the blog. I felt people would be more likely to participate if they didn’t have to manage separate user accounts for each service on the intranet. I also set up a Wiki that is Active Directory enabled. I’ll post about that at a later time. The point is, it makes little sense to create different credentials for each user with each new service. It not only becomes a hassle for IT to track and manage the accounts, it’s also a drag for participants to keep track of and manage their username and password pairs for each service. The result would most likely lead to lack of use and that is not what we want.

Integrating the existing Active Directory accounts means that each participant can access these services using the same credentials they use to access or log into their network accounts and desktops. When time comes to change passwords, you need only to update the Active Directory account and your done. Simple! What could be better?

Starting Point

The first thing we needed to do was find out how to include AD Authentication with WordPress 2.5. There are a small number of plugins that claim to allow AD Authentication, but from what I came across, most of them were older and no longer actively maintained. But…there were two in particular that still showed signs of being actively maintained and had promise.

The first was was aptly called “Active Directory Authentication”

The other plugin and the ultimately the one I managed to successfully include is wpDirAuth.

The Trials

Although I was able to get wpDirAuth to work with WordPress 2.5, there was a catch. The current “Official” release of wpDirAuth as of this writing is version 1.2 which is not compatible with WordPress 2.5 so there was some work involved to make this happen. I visited the wpDirAuth plugin page to look at the install directions. They seemed easy enough. It wasn’t until I actually installed and activated the plugin that I realized it wouldn’t work. My next stop was the support channel that the author set up to help troubleshoot install and authentication issues. It was here that I learned there was a patch already available and provided by a generous wpDirAuth user - Adam Yearout. I applied the patch and then tried to login with my network credentials again, and … No luck! By now I was scratching my head. Searching and reading all the information I could find, I finally found myself on the wpDirAuth Developer Support Channel. This was another channel set up specifically for developers. It was here that I uncovered some clues as to what was happening and a small code tweak that was necessary to overcome the problem. Apparently, the author of the plugin assumed that the login name was also the name associated with the Active Directory Account Email, which in most cases is true, but not always. For example username: johndoe would by default have an email johndoe@domain.com. In my case, my email and name and login name were not the same, so the logic that the plugin author used would not work. The good news is that the fix is a fairly simple one if you know where to look and the dev channel contained all the clues needed to find the info.

Setting up wpDirAuth with WordPress 2.5

For this how-to, I am using wordpress 2.5 installed on an Ubuntu 8.04 LTS server With Apache2 and PHP5. There is no GUI and I am not running an ftp server on this server so all settings and changes are completed using putty over SSL. (more…)

After installing Ubuntu Linux 7.10 Server Edition, I found that the IP address was assigned by DHCP served by my home router. This is fine for getting the server installed, but under most conditions, you will want to assign a static IP for your server. This Blog post will show you how to do just that. One of the issues with the Ubuntu server editions is that everything is done from a command line. There is no pretty windowed GUI.

One thing to note is that these commands need to be issued from either root or using sudo. I prefer to use the sudo su method to avoid having to type sudo each time I issue a command. (WARNING) if you do use sudo su, remember to exit the root when you are done.

In this example, I will be assigning the a static IP address of 192.168.1.2 to the primary network interface on my server.
My network subnet is 192.168.1.0
My network gateway is 192.168.1.3
And my netmask is 255.255.255.0
(more…)

I recently tried to run some .Net 2.0 code on my testing web server (IIS 5). Now, my server has .Net Frameworks 1.1 and 2.0 installed, but when I tried to run some 2.0 code, I got a series of errors on the page with a small line at the bottom that said the page was executing under the .net 1.1 Framework.

I thought to myself, If the 2.0 Framework is installed, why won’t it just use that. So I open up the Internet Services Manager for IIS to see if there was anything there that could help me figure this little issue out. Well, as it turns out, you need to specify what framework a web uses to execute it’s code from within the IIS Manager console. These settings are found by right clicking on the target web site in the Manager console and selecting “properties”.

Now in the properties panel, select the ASP.Net tab. In this tab view you should see a form page containing a few fields and a couple buttons. The first field at the top of the form is labeled “ASP.Net Version” and has a drop down menu containing the available installed framework versions. Select the appropriate version you want to use to process asp.net pages for the web your working in and hit the “Apply” or “OK” button. That’s all there is to it! You can also specify different Frameworks for different webs that are hosted on the same server. One of the good things about the .Net Frameworks is that they install and run independently of each other.

ComputerWorld has a good article of what they consider the 8 most dangerous consumer technologies.

This is a topic I revisit often and a lot of good points are brought up in this article.

Scott Lowe has a good article here describing some of the obsticles he ran into while installing Microsoft Exchange 2007

This will be helpful if I decide to stick with Exchange and upgrade to the 2007 release.

A Quick Rant:

It is time to start planning for server upgrades at the company I work for. At the center of our network, we have an exchange 2000 server loaded with public folders. Public folders are crucial to our daily work and are used to organize all current publicity tours.

Unfortunately, Microsoft has planned to discontinue support of public folders after the Exchange 2007 release. From what I understand, they are available in the new release (2007), but not by default and will not be available in future releases. The system requirements also up the ante for an exchange upgrade, and our current hardware will need to be upgraded as well…which brings me to my dilemma.

I am leaning toward a recommendation for upgrading to Exchange 2007 and migrating to new server hardware required as well, …OR… do I consider the alternatives?

1) I have done some research on Exchange replacements and it seems that Scalix or Zimbra are as close as they come and they actually look pretty impressive. These run on linux based platforms and would run on existing hardware with public folder support. But this doesn’t come without it’s potential pitfalls.

The transition from Windows 2000 - Active Directory - Exchange combo to a Linux - LDAP - Scalix/Zimbra is not exactly an easy way out.

How does LDAP compare to AD for use with user/group authentication?
Can user and group accounts be transfered from AD to LDAP and maintain network permissions?
Can users be managed in the same way using LDAP as they are in AD?
Can I use Scalix/Zimbra with AD and forget the idea of needing LDAP? (after all, AD is pretty much just a modified LDAP).

2) Do I recommend the Exchange upgrade and try to find public folder replacement or develop a custom in-house replacement.

I like the idea of breaking the windows licensing trap and the potential savings, but at the same time, I am cautious about the support available with the alternatives, not to mention changes required make such a transition. I tend to think that the the second option is likely the easiest and more hassle-free of the two, however, I have yet to come across anything that works like public folders in a stand alone application.